Add missing 403 responses on profile endpoints #1867
Conversation
Signed-off-by: Johannes Marbach <n0-0ne+github@mailbox.org>
| @@ -98,6 +98,20 @@ paths: | |||
| value: { | |||
| "displayname": "Alice Margatroid" | |||
| } | |||
| "403": | |||
| x-addedInMatrixVersion: "1.2" | |||
There was a problem hiding this comment.
I don't know if this is correct but technically we're clarifying the 403 response introduced in Matrix v1.2.
There was a problem hiding this comment.
LGTM, but will await opinions from other SCT members on https://github.com/matrix-org/matrix-spec/pull/1867/files#r1636536644
| "403": | ||
| x-addedInMatrixVersion: "1.2" | ||
| description: The server is unwilling to disclose whether the user exists and/or | ||
| has a display name. | ||
| content: | ||
| application/json: | ||
| schema: | ||
| $ref: ../client-server/definitions/errors/error.yaml | ||
| examples: | ||
| response: | ||
| value: { | ||
| "errcode": "M_FORBIDDEN", | ||
| "error": "Profile lookup over federation is disabled on this homeserver" | ||
| } |
There was a problem hiding this comment.
actually: given MSC3550 didn't mention the federation API at all, making this change without an MSC seems like a bit of a stretch.
There was a problem hiding this comment.
(and while we're at it maybe we should discuss the additional client endpoints too, since they weren't technically covered by the MSC or the original spec PR)
There was a problem hiding this comment.
given MSC3550 didn't mention the federation API at all
It mentions that the reason the MSC is being written is for requests over federation, but then doesn't mention the federation endpoints at all.
I'm a bit torn on it.
There was a problem hiding this comment.
I am (not eager but definitely) willing to put up a short MSC for this. I would like to ensure that it's time well spent though. So I'll hold off of doing anything until you've found an agreement on whether an MSC is needed or not.
There was a problem hiding this comment.
We discussed it briefly at the time of richvdh's comment, and I think the thread here captures that discussion well. It feels like it needs an MSC because it's relatively unclear what the original MSC's intended scope was.
As a formality, my vote is +1.0 to needing an MSC because the intention and history are different stories.
There was a problem hiding this comment.
Ok, makes sense. I'll try and put something together next week.
The 403 response for the CS profile endpoint was originally introduced by matrix-org/matrix-spec-proposals#3550. Given that the other profile-related endpoints in the CS API and the corresponding endpoint in the SS API operate on the same data, I can only assume that adding the responses there as well was an oversight.
Pull Request Checklist
Preview: https://pr1867--matrix-spec-previews.netlify.app